Hi,
I have reviewed several threads regarding the qubes.UpdatesProxy. This file appears to belong to versions before 4.2. I recently installed 4.2. The problem is that the whonix* templates update fine, but the debian-12/fedora-38 templates can’t connect to the 127.0.0.1:8082 proxy.
In 4.2, I found the updatesProxy commands at /etc/qubes/policy.d/*
When running: grep -i 'templateVM' ./* /90-default.policy:# Upgrade all TemplateVMs through sys-whonix. /90-default.policy:#qubes.UpdatesProxy * @type:TemplateVM @default allow target=sys-whonix ./90-default.policy:# Upgrade Whonix TemplateVMs through sys-whonix. ./90-default.policy:# Deny Whonix TemplateVMs using UpdatesProxy of any other VM. ./90-default.policy:# Default rule for all TemplateVMs - direct the connection to sys-net ./90-default.policy:qubes.UpdatesProxy * @type:TemplateVM @default allow target=sys-net
Here is the entire excerpt from the 90-default.policy file: # HTTP proxy for downloading updates # Upgrade all TemplateVMs through sys-whonix. #qubes.UpdatesProxy * @type:TemplateVM @default allow target=sys-whonix # Upgrade Whonix TemplateVMs through sys-whonix. qubes.UpdatesProxy * @tag:whonix-updatevm @default allow target=sys-whonix # Deny Whonix TemplateVMs using UpdatesProxy of any other VM. qubes.UpdatesProxy * @tag:whonix-updatevm @anyvm deny # Default rule for all TemplateVMs - direct the connection to sys-net qubes.UpdatesProxy * @type:TemplateVM @default allow target=sys-net qubes.UpdatesProxy * @anyvm @anyvm deny
So sys-net is enabled for templateVMs - but they don’t get updated.
I get this error message: Error: Failed to download metadata for repo 'fedora': Cannot prepare internal mirrorlist: Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=fedora-38&arch=x86_64 [Proxy CONNECT aborted due to timeout]
Besides this file, do I have to change anything else. In the debian/fedora settings, the Net Qube is set to default(none).
I also set the setting in the policy file to sys-whonix instead of sys-net. But it doesn’t appear to work.
I was able to update all VMs using sys-whonix. So the initial problem is gone.
Can anyone confirm that qubes.UpdatesProxy file is really gone from 4.2
I viewed the /etc/qubes-rpc/ folder. There are many qubes.* file but no qubes.UpdatesProxy file.
Btw, I have been viewing/editing the files in dom0.
I have the same problem after upgrading to 4.2, but explicitly do not want to use sys-whonix as an update proxy for fedora/debian VMs, but the default, which is sys-net, which doesn’t work, as described by the original poster. How do I get it working again?
What’s your sys-net template?
What’s the output of this command in dom0?
cat /etc/qubes/policy.d/* | grep UpdatesProxy
Try to set sys-net as “Default update proxy” in Qubes Global Config → Updates tab.
If “Default update proxy” is already set to sys-net then set it to some other qube, press Apply button and change to sys-net again and press Apply.